Skip to content
InningPro
ES EN
Legal · Privacy

Privacy Policy

This policy explains how RVBLM Services LLC handles personal data collected when you use the InningPro mobile app and our website. It is written in plain language and reflects our commitment to minimizing the data we collect, protecting it rigorously and giving you real control over it.

Version
1.0
Effective date
June 27, 2026
Last updated
June 27, 2026

1. Who we are and how to contact us

InningPro is a mobile application for professional scorekeeping of amateur baseball and softball games. It is operated by RVBLM Services LLC, a limited liability company organized under the laws of the State of Illinois, United States, with registered address at 2091 Narcissus Av, Hanover Park, IL 60133, United States. For the purposes of this policy we refer to the company as “InningPro”, “we”, “us”, “RVBLM” or “the data controller” (in European terms, the data controller; in Brazilian terms, the controlador).

1.1 Brazilian Data Protection Officer (Encarregado — LGPD)

For users residing in Brazil, the Data Protection Officer (Encarregado de Tratamento de Dados) for the purposes of Lei 13.709/2018 (LGPD) can be contacted at inningpro-privacidad@ronvillaquin.com. While formal designation before ANPD is being completed, RVBLM Services LLC acts directly as controller and will handle your requests through that channel.

1.2 EU Representative (GDPR Art. 27)

For users residing in the European Union or the European Economic Area, we are in the process of formally designating an EU representative pursuant to Article 27 of Regulation (EU) 2016/679 (GDPR). Until that designation is published, you can exercise your rights by writing directly to the channels listed at the end of this policy.

1.3 Contact channels

For any question about the processing of your personal data, exercise of rights, ARCO requests, objections or complaints: inningpro-privacidad@ronvillaquin.com.

For general legal queries, DMCA notices, reports of illegal content under Regulation (EU) 2022/2065 (DSA), arbitration opt-outs (US residents) or account deletion requests: inningpro-legal@ronvillaquin.com.

For technical support, app issues, subscriptions or operational matters: inningpro-soporte@ronvillaquin.com.

2. Scope and acceptance

This policy applies to every person who creates an account, browses, downloads, installs or uses the InningPro mobile app on any iOS or Android device, as well as the website inningpro.ronvillaquin.com and associated subdomains. By creating an account or using the app you declare you have read this policy, accept its terms and expressly authorize the processing of your personal data for the purposes described herein, without prejudice to non-waivable rights granted by the laws of your country.

If you do not agree with this policy, you must not create an account or use the app. If you accepted it and later change your mind, you can delete your account at any time pursuant to section 9 of this document.

3. Personal data we collect

We collect only the data necessary to provide the service, fulfill our contractual and legal obligations, and operate the platform securely. We apply the principle of data minimization: we never ask for more than strictly necessary for the stated purpose.

3.1 Data you provide

  • Account data: name, email address, password (stored in encrypted form and never visible to us).
  • Profile data: date of birth (required to verify minimum age and category eligibility), gender, country, profile photo, short bio, preferred language, theme preference (light/dark), units system preference (metric/imperial).
  • Sport data: primary playing position, batting side, pitching side, jersey number, height, weight, historical statistics, teams you have belonged or belong to, tournaments you participate in.
  • Identity document or ID card: only when a tournament explicitly requires it as a registration requirement, and only visible to the organizer of that specific tournament.
  • Uploaded content: photos (profile, team logos, tournament logos), PDF files (tournament rulebooks), free text (team name, description, biography).
  • Parental consent data (when applicable): full name and email of the parent or legal guardian of the minor, timestamp of acceptance and version of the accepted text.
  • Communications you send us: support reports, complaints, suggestions, survey responses.

3.2 Automatically generated data

  • Unique user identifier (UID) issued by Firebase Authentication when you create your account.
  • Device metadata: model, operating system and version, system language, time zone, installed app version.
  • IP address (processed by our infrastructure providers for service delivery and fraud prevention, not persistently stored by us).
  • Push notification token (FCM) issued by Firebase Cloud Messaging to send alerts to your device.
  • Product usage events: screens viewed, actions taken (e.g., game created, lineup saved), derived user attributes (e.g., active role: player / manager free / manager pro / organizer).
  • Anonymized technical crash reports, including stack traces and session context.
  • Timestamps of team and tournament views (rate-limited) to feed popularity counters.

3.3 Sensitive data and special categories

We recognize as data of special sensitivity and apply reinforced safeguards to: (a) date of birth, given its role as minor data and protected category; (b) profile photo, considered potentially biometric under certain jurisdictions (GDPR Art. 9, LGPD Art. 5 II); (c) identity document or ID card when uploaded in tournament flows. This data is not used for purposes other than those explicitly declared, is not shared with third parties beyond the providers listed in section 6, and in the case of identity documents is not visible to users other than the organizer of the tournament where it was uploaded.

3.4 Data we do NOT collect

  • Precise geolocation (GPS) — the app does not request location permission from the operating system.
  • Device contacts.
  • Device calendar.
  • Microphone.
  • Health data (heart rate, steps, etc.) — amateur sport statistics are not health data under HIPAA or HealthKit.
  • Derived biometric data (fingerprints, facial geometry), other than what your device handles locally for FaceID or TouchID unlock.
  • Payment financial data: subscriptions are processed entirely on App Store and Google Play; we never see your credit card number or banking data.
  • Third-party information that you have not provided directly — we do not purchase data from brokers nor cross-reference profiles with other apps.

4. Why we use your data and legal basis

Each data item is processed for a specific purpose with a specific legal basis. The following summarizes the main processing activities:

Contract performance: account authentication, profile management, team linking, game scoring, statistics calculation, tournament registration processing, transactional notifications (game live, team invitation accepted, confirmed tournament change).

Legal obligation compliance: minimum age verification, auditable parental consent recording where applicable, retention of tax and accounting records, response to competent authority requests, security breach notification.

Legitimate interest: prevention of fraud, abuse and terms of service violations; usage measurement for product improvement (Firebase Analytics) and technical fault diagnosis (Firebase Crashlytics); operation of view counters for teams and tournaments; dispute resolution; defense against legal claims.

Express consent: when we send promotional or marketing communications by email or push (always opt-in, never by default); when a minor enables public visibility of their profile via guardian consent; when a user uploads photos showing identifiable persons; when a tournament requires an identity document for registration.

We do not use your data for automated decisions that produce significant legal effects on you, nor do we engage in profiling for that purpose.

5. Public visibility and statistics

5.1 General principle

InningPro is a sport ecosystem and, by its nature, certain data is public. Specifically: your name as displayed on your profile, your jersey number, your playing position, your team, the tournaments you participate in, and the statistics generated from games you have played, are visible to other users of the service and from public web views. This visibility is essential to the value proposition of the product (sport recognition, statistical history, public rankings).

5.2 Special regime for minors

When a registered user is a minor, public visibility of their personal profile and identifying photo is disabled by default. It can only be enabled with prior, documented and verifiable consent of the parent, mother or legal guardian. Game statistics in which a minor participated remain visible as part of the legitimate sport record of the team and tournament, but linked exclusively to their sport identifier (number and position), without exposing the photo or personal data beyond the strictly sport context.

5.3 Sharing and external dissemination

The service allows users to share game cards, scoreboards and lineups on social networks. The act of sharing is initiated by the user, who is responsible for ensuring it does not infringe rights of others, especially in the case of minors. RVBLM Services LLC limits itself to providing the technical means and clearly displaying which information will be made public before sharing.

6. Sharing with third parties

6.1 We do not sell your data

RVBLM Services LLC does not sell personal data of its users to third parties. We do not engage in “sale” or “sharing” of personal information for cross-context behavioral advertising as defined by the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) or equivalent US state laws.

6.2 Service providers

We use the following technology providers, who process data on our behalf and under documented contractual obligations (Data Processing Agreement or equivalent):

  • Google Firebase (Google LLC): authentication, real-time database, Firestore, Cloud Functions, Cloud Storage, Cloud Messaging, Analytics, Crashlytics, Hosting. Servers primarily in the United States with multi-regional replication.
  • Apple (Apple Inc.): processing of in-app purchases (Apple App Store), push delivery via APNs.
  • Google Play (Google LLC): processing of in-app purchases on Android.
  • RevenueCat (RevenueCat, Inc.): subscription reconciliation and management.

6.3 International data transfers

Given that several of our providers are based in the United States, some of your personal data may be transferred outside your country of residence. These transfers are protected by Standard Contractual Clauses approved by the European Commission for transfers from the EU/EEA, the UK International Data Transfer Addendum for transfers from the United Kingdom, and equivalent mechanisms recognized by Brazilian and Latin American regulators when applicable.

6.4 Legal or judicial requests

We may disclose personal data if required by a binding legal order issued by a competent authority of a relevant jurisdiction (court, regulator, prosecutor). When the law allows, we will notify the affected user before complying.

7. Notifications

7.1 Transactional

We send transactional push and email notifications related to the operation of the service: confirmed registrations, accepted invitations, game live, tournament confirmed schedule, support responses. These cannot be disabled while you keep your account active, as they are essential to the service.

7.2 Marketing and promotional

We send marketing or promotional communications only with your prior express consent (opt-in). You can withdraw consent at any time from the app settings or via the unsubscribe link in each email.

8. Analytics and crash reports

We use Firebase Analytics and Firebase Crashlytics to understand how the product is used, detect technical failures and prioritize improvements. The processing is based on legitimate interest pursuant to GDPR Art. 6.1.f and equivalents, weighing the benefit of product improvement against the limited impact on user privacy (aggregated and anonymized data, no individual profiling).

Identifiers used by Firebase Analytics do not allow direct identification of the user without crossing them with our internal authentication base. We do not link this data to advertising profiles or cross-context behavioral advertising.

A granular consent banner for EU/UK users is currently deferred. While it is implemented, EU/UK users who wish to fully opt out of analytics can write to inningpro-privacidad@ronvillaquin.com and we will exclude their account from the dataset.

9. Retention and deletion

9.1 General principle

We retain your personal data for as long as your account remains active or for as long as necessary to comply with our legal and contractual obligations, whichever is greater. When the retention period ends, the data is deleted or anonymized.

9.2 Account deletion

You can request the deletion of your account at any time from the app (Profile → Settings → Delete Account) or by emailing inningpro-legal@ronvillaquin.com. We will acknowledge receipt within 72 business hours and process the deletion within a maximum of 30 calendar days.

9.3 What we delete

  • Your email, password, UID, profile photo, biography and personal preferences.
  • Push tokens and linked device data.
  • Parental consent records, when applicable.
  • Communications with support.

9.4 What we retain as historical sport record

Game statistics, scored plays, lineups, substitutions and results in which you participated form part of the legitimate sport record of the team and tournament. They remain as sport history even after deletion of your account, as you accepted upon registration. Your name is replaced by a sport identifier not linkable to your personal identity, except in tournaments with official registration where your full name is preserved as part of the event's sport book.

10. Your rights

10.1 Rights available to all users

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or outdated data.
  • Deletion (right to be forgotten): request deletion of your account pursuant to section 9.
  • Restriction of processing: request that we temporarily limit the use of certain data.
  • Objection: object to processing based on legitimate interest.
  • Data portability: receive your data in a structured, commonly used and machine-readable format.
  • Withdrawal of consent: revoke at any time the consent previously given for marketing communications or other consent-based processing.
  • File a complaint before the data protection authority of your country.

10.2 How to exercise them

Write to inningpro-privacidad@ronvillaquin.com from the email associated with your account. We will respond within 30 calendar days, extendable to 60 in particularly complex cases with notification to you. We may ask you to verify your identity before processing the request to prevent fraud.

11. Minors

InningPro's general minimum age is 13 years old, with the following country-specific exceptions:

11.1 United States (COPPA)

We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data without verifiable parental consent, we will immediately delete it. Parents who suspect their child under 13 has provided us with personal data can write to inningpro-privacidad@ronvillaquin.com to request its deletion.

11.2 European Union (GDPR Art. 8)

Minimum age varies by Member State: 14 in Spain, Italy, Lithuania and Bulgaria; 15 in France, Czech Republic and Greece; 16 in Germany, Netherlands, Hungary, Ireland, Poland, Romania, Slovakia, Croatia and Luxembourg. Below these ages, parental consent is mandatory.

11.3 United Kingdom (Age Appropriate Design Code)

We apply the principles of the ICO's Age Appropriate Design Code: high privacy by default for minors, no nudging towards privacy-reducing settings, clarity of language adapted to age.

11.4 Brazil (LGPD + ECA Digital)

Minimum age 13 with mandatory parental consent. We comply with the recently enacted ECA Digital (Lei 15.211/2025) for protection of children and adolescents in the digital environment.

11.5 Argentina, Mexico, Colombia, Chile and rest of LATAM

We apply the highest standard between the user's country's law and our general 13-year minimum, always with parental consent for minors. In Argentina, Mexico and Colombia we follow the criteria of national data protection authorities (AAIP, INAI, SIC respectively). In Chile, we apply Law 21.719 in force from December 1, 2026.

11.6 Parental consent

Consent is collected verifiably through a flow that requires entering the email of the parent or legal guardian, who receives a confirmation email and must explicitly accept the terms. We record name, email, timestamp and version of the accepted text. Guardians can revoke consent at any time by writing to inningpro-privacidad@ronvillaquin.com.

11.7 Minors' rights

Minors are granted the same rights as adults (access, rectification, deletion, etc.), exercisable both by themselves and by their guardians. By default, public visibility of personal profile and identifying photo is disabled (see section 5.2).

12. Security

We apply reasonable technical and organizational measures to protect your data: encryption in transit (TLS 1.2+) and at rest (managed by Firebase), least-privilege access controls, Firestore security rules, security audits of administrator access, periodic backups, infrastructure provider hardening. No system is 100% impenetrable; we are committed to operating with the diligence expected from a serious sport platform.

13. Security breach notification

Should a security breach occur with significant impact on personal data, we will notify affected users and relevant authorities within the timeframes required by applicable law:

  • European Union / United Kingdom: within 72 hours of becoming aware (GDPR Art. 33; UK DPA 2018).
  • Brazil: within 3 business days of becoming aware (ANPD Resolution CD/ANPD 15/2024).
  • Chile: within 72 hours of becoming aware (Law 21.719).
  • Peru: within 48 hours.
  • California (USA): without unreasonable delay, with breach larger than 500 California residents reportable to Cal AG within 15 days.
  • Rest of the United States: timeframes vary by state; we comply with the most restrictive applicable timeframe.
  • Argentina, Mexico, Colombia and rest of LATAM: timeframes set by each national authority.

The notification will include the nature of the breach, type of data affected, possible consequences, measures taken or proposed and recommendations to the user.

14. Web cookies and analytics on the site

Our website inningpro.ronvillaquin.com does not use third-party tracking cookies, advertising trackers, or persistent analytics cookies. It uses only the technical cookies strictly necessary for site operation (language preference, theme). For browsing logs (without persistent ID), we rely on the legitimate interest of operating the site.

15. Jurisdiction and applicable specific rights

15.1 United States

California residents (CCPA/CPRA), as well as residents of states with comprehensive privacy laws (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Tennessee, Iowa, Indiana, Montana, Florida, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Kentucky, Rhode Island, etc.), enjoy specific rights: right to know what we collect, right to deletion, right to correction, right to portability, right to opt out of sale or sharing (we do not sell or share for cross-context behavioral advertising), right to limit use of sensitive data, right to non-discrimination for exercising rights. To exercise them, write to inningpro-privacidad@ronvillaquin.com.

15.2 European Union and EEA

GDPR rights are listed in section 10. You can also file a complaint before the data protection authority of your country (e.g., AEPD in Spain, CNIL in France, Garante in Italy, BfDI in Germany).

15.3 United Kingdom

UK GDPR + DPA 2018 + DUAA 2025. Same rights as in the EU. Supervisory authority: Information Commissioner's Office (ICO).

15.4 Brazil

Rights of access, confirmation, correction, anonymization, blocking, deletion, portability, information and revocation of consent pursuant to LGPD Art. 18. Supervisory authority: Autoridade Nacional de Proteção de Dados (ANPD). Encarregado: see section 1.1.

15.5 Mexico

ARCO rights (Access, Rectification, Cancellation, Opposition) pursuant to LFPDPPP and its Regulations. Authority: INAI.

15.6 Argentina

Rights pursuant to Law 25.326 (Personal Data Protection) and the bill of advances. Authority: AAIP (Agencia de Acceso a la Información Pública). Right of withdrawal (10 days) recognized in the Civil and Commercial Code (Art. 1110) and Res. SCI 424/2020 (“Botón de Arrepentimiento”).

15.7 Colombia

Rights pursuant to Law 1581 of 2012 and Decree 1377 of 2013. Authority: SIC (Superintendencia de Industria y Comercio).

15.8 Chile

Law 21.719 (in force December 1, 2026) modernizes the regime. Authority: future Personal Data Protection Agency.

15.9 Rest of LATAM

Peru (Law 29.733 + Decree 1353), Ecuador (Organic Law on Personal Data Protection 2021), Uruguay (Law 18.331), Costa Rica (Law 8.968), Panama (Law 81 of 2019), Dominican Republic (Law 172-13). We respect the rights recognized by the law of your country of residence.

16. Automated decisions and profiling

We do not make automated decisions that produce significant legal effects on users, nor do we use systematic profiling for that purpose. The calculation of statistics is a numerical operation derived from scored plays and does not constitute profiling in legal terms.

17. Changes to this policy

We may update this policy to reflect legal, technical or product changes. Substantial changes will be notified at least 30 calendar days before entering into effect, via in-app notice, email and publication on the website. If you do not accept the change, you can delete your account before it takes effect.

18. Languages

This policy is published in Spanish and English. In case of interpretive discrepancy, the Spanish version prevails for users residing in Spanish-speaking countries, and the English version for all others. Translations to other languages, if any, are courtesy only and not binding.

19. Contact

Privacy: inningpro-privacidad@ronvillaquin.com
Legal / account deletion: inningpro-legal@ronvillaquin.com
Support: inningpro-soporte@ronvillaquin.com

20. Version and effective date

Version 1.0 · Last updated: June 27, 2026 · Effective: June 27, 2026.